Commerce Bank notifies customers of possible data theft

COLUMBIA — Commerce Bank notified about 3,000 customers about a week ago that their personal data might have been stolen. A spokeswoman for the company, which has 360 locations in five states, said the bank thinks the information of only 20 customers has been compromised.

The Missouri attorney general’s Web site offers the following tips to determine if an identity theft has occurred:
• Check credit card and bank statements monthly — watch for unauthorized charges or withdrawals.
• Check your free credit report three times a year — watch for unrecognized entries.
• You get bills or collections calls for items that are not yours (such as credit-card purchases and loan payments).
• You get a surprising rejection from a creditor.
For more tips, go to the attorney general's Web site.
A free credit report is available online or by calling 877-322-8228.

The FBI is investigating the situation, and the bank is updating security to keep up with hackers, Stanley said.

For now, Commerce Bank will provide all affected customers with free credit monitoring and a customer service phone number. Those affected will also have the option to reopen accounts with different account numbers.

John Schuder, a local Commerce Bank customer whose information was not stolen, thinks personal information is always at risk.

“The problem seems to be it’s not safe anywhere,” he said.

Last year, about 250,000 identity theft complaints were filed, according to a Federal Trade Commission study. And the problem might be more widespread: The FTC reports some 60 percent of victims never report the crime.

In Missouri, identity theft happens “every day in one fashion or another,” said Andy Anderson of the Mid-Missouri Internet Crimes Task Force.

But Travis Ford, consumer educator for the attorney general’s office of Missouri, said the trend toward online banking isn’t worsening the problem.

Ford said studies show that online banking is a safer type of banking.

Online banking, for example, eliminates a paper trail that can be nabbed from trash. And when data is stolen from electronic records, the responsibility falls on the institution to not only protect the information but also to ensure no customer’s money is taken, Ford said.

When buying online, Ford recommends paying for purchases with a credit card because of a federal law that makes consumers responsible for only the first $50 of an unauthorized charge. That level of protection does not apply to any other forms of payment, he said, such as debit cards, check or PayPal.

Regardless of the banking method, Anderson said it’s important to protect personal information, such as Social Security numbers and bank account numbers.

“I think the bank industry works real diligently at keeping that information safe,” Anderson said. “When it gets compromised, it’s because of the mistakes we make as consumers.”

Anderson said common sense is also needed.

“The number one thing people can do is think about what they’re doing,” he said. Don’t give out information in an e-mail. “No reputable company” will contact consumers online, he said.

If your information is stolen, Anderson suggests immediately contacting credit reporting agencies and putting an alert on the reports.

Columbia has been affected by scams in the past.

In May, hackers stole the personal information of more than 22,000 current and former MU employees.

Phishing e-mails that attempt to lure customers to reveal personal information such as pin numbers are common in local inboxes. In June 2006, for example, Columbia’s First National Bank customers notified the bank of suspect e-mails linking recipients to a fake Web site depicting the bank’s logo.

The information lifted in the recent Commerce theft was names, addresses, phone numbers, Social Security numbers and a few checking and savings account numbers. No credit card or online banking information was affected, Stanley said.

The security team discovered the breach through routine systems monitoring, Stanley said.